I design based on risk, and I have been in infosec all my very long career.
There is nothing wrong with having a .forward file in the situation posted by the original poster, IMHO.
There are no risks identified, there are no vulnerabilities identified, there are no threats identified.
I have been in infosec all my very long UNIX and Linux career, and have a CISSP, yadda, yadda, yadda... Security is based on risk, not speculation.
One of my biggest "pet peeves" is people who make blanket "this is not good" statements in the absence of any risk analysis. This is the biggest mistake many technical people make in IT security.
If you are going to make "sweeping statements" about "this is good" and "this is not good" here, you need to be prepared to completely back it up, technically, since I run the forums, LOL... You are not going to "beat me into submission", I assure you.
There is no technical argument (that you have made) where in a low risk situation on a shared server with an unprivileged user that a .forward file is such a high risk.
If you are willing to stop "hand waving" and provide technical facts on what the vulnerability, threat and risk of this original poster's application, I'm all ears.
Otherwise, move on. Thanks.
---------- Post updated at 17:27 ---------- Previous update was at 17:24 ----------
Note:
I did a Google search on these terms:
...and after looking at around 8 pages, found nothing interesting.